Hello All,
I have a Cisco 2901 Router connected from the Aux port into the Console port of a 2960 switch. Before I enabled AAA and only used local auth, everything worked peachy. Now that AAA is on, no matter if I use a local account or a TACACS+ account, I am unable to log in to the switch on the console port. Below is what I get. Eventually it will time out.
GGR-C2901-15#telnet switch15
Trying switch15 (1.1.1.1, 2001)... Open
User Access Verification
Username: admin
Password:
Here is how I have the AAA set up on the router and the switch:
aaa authentication login Goody local group tacacs+
aaa authentication login Console local
I don't deal with authorization since anybody that is getting into these devices is on a very short list. The console port on the switch has the following:
Login Authentication Console
I want the console port to always use the local user database. If it can't work that way, it's fine. The Goody system is supposed to use the TACACS+ users first and if TACACS+ is down, then it switches to the local database. That one I tested without issue and it works as expected. If I assign that to the console port on the switch, that also fails. I even tried assigning unique dummy IP addresses to the loopback for the switch access. All the dummy IPs are not networked into my BGP pool so I highly doubt I am hitting another device.
Any pointers on this would be very helpful.
Thanks,
David